Moving README.security info into README.chromium?


Nico Weber

Dec 11, 2024, 8:04:45 PM
to security-dev, Jordan Brown
Hi,

https://chromium.googlesource.com/chromium/src/+/main/docs/adding_to_third_party.md?pli=1# currently says: "You may be asked to add a README.security or, in dangerous cases, README.SECURITY.URGENTLY file."

As far as I can tell, we currently have two README.security files and no README.SECURITY.URGENTLY files.

(third_party/android_opengl/README.security says that the library has not been reviewed for handling untrusted input. third_party/simdutf/README.security points out that simdutf is written in C++.)

We've been getting a lot more organized about metadata in README.chromium recently. Does it make sense to tweak the third-party guidance to keep this data in README.chromium?

Benefits:
* It's just one file
* Everybody touching 3rd-party code knows about README.chromium; I'm guessing more or less nobody knows about README.security
* Maybe it's easier for tooling

To be clear, it's not a big thing either way and it doesn't matter all that much. I had just completely forgotten about this guidance until the recent addition of third_party/simdutf/README.security, and I'm in t_p/OWNERS :)

Thanks,
Nico

Alex Gough

Dec 13, 2024, 12:05:19 AM
to Security-dev, Nico Weber, Jordan Brown
Having a single README.chromium makes sense, and is likely the only thing anyone will read anyway.

Jordan Brown

Dec 13, 2024, 1:43:05 AM
to Alex Gough, Nico Weber, Security-dev, Jiewei Qian, Rachael Newitt
SGTM, I'll write a short doc outlining some of the finer details and what changes we'll need to make to docs and automation.

ISHWAR KUMAR

Dec 14, 2024, 12:16:35 AM
to Jordan Brown, Alex Gough, Nico Weber, Security-dev, Jiewei Qian, Rachael Newitt
Hey,

Can I make this official doc for Google Chromium? (It would also be my first valuable contribution to Chromium) :) - or anything else you would like me to add or change, you can assign to me, so less workload would be on your end as a maintainer?

Thanks
Ishwar Kumar

ISHWAR KUMAR

Dec 16, 2024, 5:52:26 PM
to Jordan Brown, Alex Gough, Nico Weber, Security-dev, Jiewei Qian, Rachael Newitt
Any update on this?

Thanks & Regards
Ishwar Kumar

Jordan Brown

Dec 16, 2024, 5:52:26 PM
to ISHWAR KUMAR, Alex Gough, Nico Weber, Security-dev, Jiewei Qian, Rachael Newitt
Thanks for offering to help, we discussed it and will likely just move the content to the description field.
I'll keep an eye out for any good opportunities for you to contribute.

Cheers 
Jordan